{
  "description": "AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes Cluster Templates.",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate.",
      "properties": {
        "template": {
          "description": "AWSClusterTemplateResource defines the desired state of AWSClusterTemplate.",
          "properties": {
            "metadata": {
              "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
              "properties": {
                "annotations": {
                  "additionalProperties": {
                    "type": "string"
                  },
                  "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations",
                  "type": "object"
                },
                "labels": {
                  "additionalProperties": {
                    "type": "string"
                  },
                  "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels",
                  "type": "object"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "spec": {
              "description": "AWSClusterSpec defines the desired state of an EC2-based Kubernetes cluster.",
              "properties": {
                "additionalTags": {
                  "additionalProperties": {
                    "type": "string"
                  },
                  "description": "AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the\nones added by default.",
                  "type": "object"
                },
                "bastion": {
                  "description": "Bastion contains options to configure the bastion host.",
                  "properties": {
                    "allowedCIDRBlocks": {
                      "description": "AllowedCIDRBlocks is a list of CIDR blocks allowed to access the bastion host.\nThey are set as ingress rules for the Bastion host's Security Group (defaults to 0.0.0.0/0, i.e. ingress from any source).",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    },
                    "ami": {
                      "description": "AMI will use the specified AMI to boot the bastion. If not specified,\nthe AMI will default to one picked out in public space.",
                      "type": "string"
                    },
                    "disableIngressRules": {
                      "description": "DisableIngressRules will ensure there are no Ingress rules in the bastion host's security group.\nRequires AllowedCIDRBlocks to be empty.",
                      "type": "boolean"
                    },
                    "enabled": {
                      "description": "Enabled allows this provider to create a bastion host instance\nwith a public IP to access the VPC private network.",
                      "type": "boolean"
                    },
                    "instanceType": {
                      "description": "InstanceType will use the specified instance type for the bastion. If not specified,\nCluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro\nwill be the default.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "controlPlaneEndpoint": {
                  "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.",
                  "properties": {
                    "host": {
                      "description": "The hostname on which the API server is serving.",
                      "type": "string"
                    },
                    "port": {
                      "description": "The port on which the API server is serving.",
                      "format": "int32",
                      "type": "integer"
                    }
                  },
                  "required": [
                    "host",
                    "port"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "controlPlaneLoadBalancer": {
                  "description": "ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior.",
                  "properties": {
                    "additionalSecurityGroups": {
                      "description": "AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs.\nThis is optional - if not provided, new security groups will be created for the load balancer.",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    },
                    "crossZoneLoadBalancing": {
                      "description": "CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing.\n\n\nWith cross-zone load balancing, each load balancer node for your Classic Load Balancer\ndistributes requests evenly across the registered instances in all enabled Availability Zones.\nIf cross-zone load balancing is disabled, each load balancer node distributes requests evenly across\nthe registered instances in its Availability Zone only.\n\n\nDefaults to false.",
                      "type": "boolean"
                    },
                    "healthCheckProtocol": {
                      "description": "HealthCheckProtocol sets the protocol type for the classic ELB health check target.\nThe default value is ClassicELBProtocolSSL.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique\nwithin your set of load balancers for the region, must have a maximum of 32 characters, must\ncontain only alphanumeric characters or hyphens, and cannot begin or end with a hyphen. Once\nset, the value cannot be changed.",
                      "maxLength": 32,
                      "pattern": "^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$",
                      "type": "string"
                    },
                    "scheme": {
                      "default": "internet-facing",
                      "description": "Scheme sets the scheme of the load balancer (defaults to internet-facing)",
                      "enum": [
                        "internet-facing",
                        "internal"
                      ],
                      "type": "string"
                    },
                    "subnets": {
                      "description": "Subnets sets the subnets that should be applied to the control plane load balancer (defaults to discovered subnets for managed VPCs or an empty set for unmanaged VPCs)",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "identityRef": {
                  "description": "IdentityRef is a reference to an identity to be used when reconciling the managed control plane.\nIf no identity is specified, the default identity for this controller will be used.",
                  "properties": {
                    "kind": {
                      "description": "Kind of the identity.",
                      "enum": [
                        "AWSClusterControllerIdentity",
                        "AWSClusterRoleIdentity",
                        "AWSClusterStaticIdentity"
                      ],
                      "type": "string"
                    },
                    "name": {
                      "description": "Name of the identity.",
                      "minLength": 1,
                      "type": "string"
                    }
                  },
                  "required": [
                    "kind",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "imageLookupBaseOS": {
                  "description": "ImageLookupBaseOS is the name of the base operating system used to look\nup machine images when a machine does not specify an AMI. When set, this\nwill be used for all cluster machines unless a machine specifies a\ndifferent ImageLookupBaseOS.",
                  "type": "string"
                },
                "imageLookupFormat": {
                  "description": "ImageLookupFormat is the AMI naming format to look up machine images when\na machine does not specify an AMI. When set, this will be used for all\ncluster machines unless a machine specifies a different ImageLookupOrg.\nSupports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base\nOS and kubernetes version, respectively. The BaseOS will be the value in\nImageLookupBaseOS or ubuntu (the default), and the kubernetes version as\ndefined by the packages produced by kubernetes/release without v as a\nprefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default\nimage format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up\nsearching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a\nMachine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See\nalso: https://golang.org/pkg/text/template/",
                  "type": "string"
                },
                "imageLookupOrg": {
                  "description": "ImageLookupOrg is the AWS Organization ID to look up machine images when a\nmachine does not specify an AMI. When set, this will be used for all\ncluster machines unless a machine specifies a different ImageLookupOrg.",
                  "type": "string"
                },
                "network": {
                  "description": "NetworkSpec encapsulates all things related to the AWS network.",
                  "properties": {
                    "cni": {
                      "description": "CNI configuration",
                      "properties": {
                        "cniIngressRules": {
                          "description": "CNIIngressRules specify rules to apply to control plane and worker node security groups.\nThe source for the rule will be set to control plane and worker security group IDs.",
                          "items": {
                            "description": "CNIIngressRule defines an AWS ingress rule for CNI requirements.",
                            "properties": {
                              "description": {
                                "type": "string"
                              },
                              "fromPort": {
                                "format": "int64",
                                "type": "integer"
                              },
                              "protocol": {
                                "description": "SecurityGroupProtocol defines the protocol type for a security group rule.",
                                "type": "string"
                              },
                              "toPort": {
                                "format": "int64",
                                "type": "integer"
                              }
                            },
                            "required": [
                              "description",
                              "fromPort",
                              "protocol",
                              "toPort"
                            ],
                            "type": "object",
                            "additionalProperties": false
                          },
                          "type": "array"
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    },
                    "securityGroupOverrides": {
                      "additionalProperties": {
                        "type": "string"
                      },
                      "description": "SecurityGroupOverrides is an optional set of security groups to use for cluster instances.\nThis is optional - if not provided, new security groups will be created for the cluster.",
                      "type": "object"
                    },
                    "subnets": {
                      "description": "Subnets configuration.",
                      "items": {
                        "description": "SubnetSpec configures an AWS Subnet.",
                        "properties": {
                          "availabilityZone": {
                            "description": "AvailabilityZone defines the availability zone to use for this subnet in the cluster's region.",
                            "type": "string"
                          },
                          "cidrBlock": {
                            "description": "CidrBlock is the CIDR block to be used when the provider creates a managed VPC.",
                            "type": "string"
                          },
                          "id": {
                            "description": "ID defines a unique identifier to reference this resource.",
                            "type": "string"
                          },
                          "ipv6CidrBlock": {
                            "description": "IPv6CidrBlock is the IPv6 CIDR block to be used when the provider creates a managed VPC.\nA subnet can have an IPv4 and an IPv6 address.\nIPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object.",
                            "type": "string"
                          },
                          "isIpv6": {
                            "description": "IsIPv6 defines the subnet as an IPv6 subnet. A subnet is IPv6 when it is associated with a VPC that has IPv6 enabled.\nIPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object.",
                            "type": "boolean"
                          },
                          "isPublic": {
                            "description": "IsPublic defines the subnet as a public subnet. A subnet is public when it is associated with a route table that has a route to an internet gateway.",
                            "type": "boolean"
                          },
                          "natGatewayId": {
                            "description": "NatGatewayID is the NAT gateway id associated with the subnet.\nIgnored unless the subnet is managed by the provider, in which case this is set on the public subnet where the NAT gateway resides. It is then used to determine routes for private subnets in the same AZ as the public subnet.",
                            "type": "string"
                          },
                          "routeTableId": {
                            "description": "RouteTableID is the routing table id associated with the subnet.",
                            "type": "string"
                          },
                          "tags": {
                            "additionalProperties": {
                              "type": "string"
                            },
                            "description": "Tags is a collection of tags describing the resource.",
                            "type": "object"
                          }
                        },
                        "type": "object",
                        "additionalProperties": false
                      },
                      "type": "array"
                    },
                    "vpc": {
                      "description": "VPC configuration.",
                      "properties": {
                        "availabilityZoneSelection": {
                          "default": "Ordered",
                          "description": "AvailabilityZoneSelection specifies how AZs should be selected if there are more AZs\nin a region than specified by AvailabilityZoneUsageLimit. There are 2 selection schemes:\nOrdered - selects based on alphabetical order.\nRandom - selects AZs randomly in a region.\nDefaults to Ordered.",
                          "enum": [
                            "Ordered",
                            "Random"
                          ],
                          "type": "string"
                        },
                        "availabilityZoneUsageLimit": {
                          "default": 3,
                          "description": "AvailabilityZoneUsageLimit specifies the maximum number of availability zones (AZ) that\nshould be used in a region when automatically creating subnets. If a region has more\nthan this number of AZs then this number of AZs will be picked randomly when creating\ndefault subnets. Defaults to 3.",
                          "minimum": 1,
                          "type": "integer"
                        },
                        "cidrBlock": {
                          "description": "CidrBlock is the CIDR block to be used when the provider creates a managed VPC.\nDefaults to 10.0.0.0/16.",
                          "type": "string"
                        },
                        "id": {
                          "description": "ID is the vpc-id of the VPC this provider should use to create resources.",
                          "type": "string"
                        },
                        "internetGatewayId": {
                          "description": "InternetGatewayID is the id of the internet gateway associated with the VPC.",
                          "type": "string"
                        },
                        "ipv6": {
                          "description": "IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters.\nThis field cannot be set on AWSCluster object.",
                          "properties": {
                            "cidrBlock": {
                              "description": "CidrBlock is the CIDR block provided by Amazon when VPC has enabled IPv6.",
                              "type": "string"
                            },
                            "egressOnlyInternetGatewayId": {
                              "description": "EgressOnlyInternetGatewayID is the id of the egress only internet gateway associated with an IPv6 enabled VPC.",
                              "type": "string"
                            },
                            "poolId": {
                              "description": "PoolID is the IP pool, which must be defined when a BYO IP is defined.",
                              "type": "string"
                            }
                          },
                          "type": "object",
                          "additionalProperties": false
                        },
                        "tags": {
                          "additionalProperties": {
                            "type": "string"
                          },
                          "description": "Tags is a collection of tags describing the resource.",
                          "type": "object"
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "region": {
                  "description": "The AWS Region the cluster lives in.",
                  "type": "string"
                },
                "s3Bucket": {
                  "description": "S3Bucket contains options to configure a supporting S3 bucket for this\ncluster - currently used for nodes requiring Ignition\n(https://coreos.github.io/ignition/) for bootstrapping (requires\nBootstrapFormatIgnition feature flag to be enabled).",
                  "properties": {
                    "controlPlaneIAMInstanceProfile": {
                      "description": "ControlPlaneIAMInstanceProfile is the name of the IAMInstanceProfile that will be allowed\nto read control-plane node bootstrap data from the S3 bucket.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name defines the name of the S3 bucket to be created.",
                      "maxLength": 63,
                      "minLength": 3,
                      "pattern": "^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$",
                      "type": "string"
                    },
                    "nodesIAMInstanceProfiles": {
                      "description": "NodesIAMInstanceProfiles is a list of IAM instance profiles that will be allowed to read\nworker node bootstrap data from the S3 bucket.",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    }
                  },
                  "required": [
                    "controlPlaneIAMInstanceProfile",
                    "name",
                    "nodesIAMInstanceProfiles"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "sshKeyName": {
                  "description": "SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name)",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            }
          },
          "required": [
            "spec"
          ],
          "type": "object",
          "additionalProperties": false
        }
      },
      "required": [
        "template"
      ],
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}
